Missing authorization in the Eniture technology LTL Freight Quotes – Worldwide Express Edition plugin allows an attacker to gain access to functions that should be restricted to authorized users, as identified by a CWE-862 Authorization Failure concern. The vulnerability could enable manipulation or exposure of shipping data, potentially compromising confidentiality and integrity of business processes. The CVE description confirms that incorrectly configured access control levels create this exposure.

The issue affects the Eniture technology WordPress plugin LTL Freight Quotes – Worldwide Express Edition from any version up through 5.2.1. Users running version 5.2.1 or earlier must check their installation for the presence of these versions and plan for an upgrade.

The quantified CVSS score of 5.3 indicates a moderate risk level. Exploit probability data are not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed public exploits. Attackers would likely target the plugin’s web interface or API endpoints, implying a remote attack vector. In the absence of further technical details in the CVE entry, it is reasonable to infer that the plugin exposed endpoints that do not enforce proper authentication or authorization checks.